Increased foreign threat to COVID-19 research prompts extraordinary warning from Cana…

“With regards to the specific threats, the Cyber Centre has assessed that the COVID-19 pandemic presents an elevated level of risk to the cyber security of Canadian health organizations involved in the national response to the COVID-19 pandemic.”

‘Foreign interference and espionage’

CSIS reported “an increased risk of foreign interference and espionage due to the extraordinary effort of our businesses and research centres.”

“As a result, CSIS is working with these organizations to ensure that their work and proprietary information remains safely in their control. Its focus is on protecting Canadian intellectual property from these threats — and jobs and economic interests with it.”

The statement doesn’t name the state actors suspected of posing a threat and neither agency would say whether they’ve witnessed specific attacks.

The warning comes a day after the FBI and the Cybersecurity and Infrastructure Security Agency in the U.S. publicly accused China of targeting U.S. organizations running COVID-19-related research.

“The United States condemns attempts by cyber actors and non-traditional collectors affiliated with the People’s Republic of China (PRC) to steal U.S. intellectual property and data related to COVID-19 research,” said Secretary of State Mike Pompeo in a statement today.

“The potential theft of this information jeopardizes the delivery of secure, effective and efficient treatment options.” 

The joint statement from the Canadian intelligence agencies follows an alert the CSE put out in March warning about potential online attacks against the Canadian health sector, including research facilities.

“These actors may attempt to gain intelligence on COVID-19 response efforts and potential political responses to the crisis or to steal ongoing key research towards a vaccine or other medical remedies,” it warned.

Scott Jones, head of the CSE’s Cyber Centre, cautioned at the time that those sophisticated threat actors could target Canadian medical research labs working on vaccines or other remedies through manipulation or spear-phishing campaigns — or by going after critical vulnerabilities as more housebound employees connect with their workplaces through VPNs (virtual private networks).

Jones said intellectual property theft — through stealing or corrupting data generated by Canadian researchers — is a “lower probability” threat but one that would be “very high impact.”

“We’re saying, ‘OK this is a time to maintain vigilance, because you will be targeted,'” he said during a March interview.

Working with Five Eyes allies

While today’s statement doesn’t mention specific state actors, it does point out that both agencies work closely with the Five Eyes intelligence-sharing alliance, which includes the United States.

“We regularly share information with our partners, including the U.S., which has a significant impact on protecting our respective countries’ safety and security,” says the statement.

The Cyber Centre said it also regularly shares threat information with health care and research sectors, provincial and territorial governments.

In today’s statement, the CSE stressed that most of the malicious threat activity it has seen during the pandemic period has been criminal in nature.